Secure communication between dynamically created Droplets (Tinc VPN)?
I currently have several Droplets that have a tinc mesh VPN configured and it’s working quite well.
However, there is a service that’s being developed which only runs once a month and the intention will be to use the DigitalOcean API to dynamically create and destroy worker Droplets as necessary using a preconfigured snapshot.
The problem is that communication between these workers and core servers is unencrypted as tinc isn’t very dynamic and IP addresses change when droplets are created and destroyed.
Does anyone know of a way of extending tinc to make it a little more dynamic so that it can allow communication with these worker droplets?
I can have the workers run a script at the start to configure tinc on their end with the correct addresses, but it’s making sure communication is allowed to/from the other servers that seems to be the sticking point.
Maybe there’s a way to dynamically use an internal DNS service?